"Spyware Log","2005/03/23","LARRY-DESKTOP"
"Time","Threat Name","Result"
"11:21","ADW_TARGETSAV.A","Spyware Detected"
"11:21","ADW_ISTBAR.K","Spyware Detected"
"11:21","ADW_ISTBAR.E","Spyware Detected"
"11:21","ADW_ISTBAR.B","Spyware Detected"
"11:21","ADW_ISTBAR.ER","Spyware Detected"
"11:21","ADW_TARGETSAV.A","Clean succeeded"
"11:21","ADW_ISTBAR.K","Clean succeeded"
"11:21","ADW_ISTBAR.K","Spyware Detected"
"11:21","ADW_ISTBAR.E","Spyware Detected"
"11:21","ADW_ISTBAR.B","Spyware Detected"
"11:21","ADW_ISTBAR.ER","Spyware Detected"
"11:21","ADW_ISTBAR.K","Clean succeeded"
"11:22","ADW_ISTBAR.K","Spyware Detected"
"11:22","ADW_ISTBAR.E","Spyware Detected"
"11:22","ADW_ISTBAR.B","Spyware Detected"
"11:22","ADW_ISTBAR.ER","Spyware Detected"
"11:22","ADW_ISTBAR.K","Clean succeeded"
"11:23","ADW_ISTBAR.K","Spyware Detected"
"11:23","ADW_ISTBAR.E","Spyware Detected"
"11:23","ADW_ISTBAR.B","Spyware Detected"
"11:23","ADW_ISTBAR.ER","Spyware Detected"
"11:24","ADW_ISTBAR.K","Clean succeeded"
StartupList report, 3/25/2005, 6:52:19 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Larry\Desktop\Misc\Antivirus\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Postyware\ZoomBot\zoombotsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Energizer FileSaver\Energizer FileSaver.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Postyware\ZoomBot\zoombot.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logon.scr
C:\Documents and Settings\Larry\Desktop\Misc\Antivirus\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Larry\Start Menu\Programs\Startup]
PowerReg Scheduler.exe
Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Energizer FileSaver.lnk = C:\Program Files\Energizer FileSaver\Energizer FileSaver.exe
ZoomBot.lnk = ?
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AGRSMMSG = AGRSMMSG.exe
zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
Logitech Utility = Logi_MwX.Exe
sunasDtServ = C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
InCD = C:\Program Files\Ahead\InCD\InCD.exe
(Default) =
sunasServ = C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
SiS Tray = C:\WINDOWS\system32\sistray.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
ala.exe = c:\program files\access lock\ala.exe /L
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
NBJ = "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\plusaqar.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Backup Que.job
--------------------------------------------------
Enumerating Download Program Files:
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc2.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll
--------------------------------------------------
End of report, 6,117 bytes
Report generated in 0.015 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only